European Directive

Accessibility

tScheme and the Employee Authentication Service (EAS)

In early 2008, the UK Government’s Department for Education (DfE) started discussions with tScheme Limited about
establishing an independent ‘accreditation’ scheme to underpin what is now known as the Employee Authentication Service. Since then the
scheme has also been extended to allow appropriate Local Authority employees to access DWP information databases such as the Customer Information
System (CIS). Further details on EAS is available on the DFE website and on the
DWP website.

Overview of EAS

As can be seen from the following diagram:
A key part of the EAS process is the role of the Registration Agents that check the identity of those that need to have a credential that gives them
access to the various services necessary for their work.
Given that a critical element in the security of any data used or shared within the EAS community is the assurance in the identity of the credential
holders and that they are entitled to access the information and that they have undergone all appropriate training. To this end, DfE wanted to make
use of the existing tScheme framework for assessing the competence of Trust-Service Providers within the context of ISO 27001.

This model fits those cases where the credentials are being issued by an Identity Provider Service that has a full tScheme Approval, however
part of the EAS model is the provision of a central Shared-service IdP, which is accredited under a different, Government mechanism (also aligned to
ISO27001), therefore the concept of EAS-Ready has been established to allow for the RAs that are using this shared IdP to be assessed just for the
functions they are carrying out, against the relevant IdP Profiles - namely the Identity Registration, Attribute Registration and/or the Credential
Management (as determined by the EAS Policy Management Authority).